Integrate Wiz with Google SecOps

This document explains how to integrate Wiz with Google Security Operations (Google SecOps).

Integration version: 1.0

Before you begin

To use the integration, you need an API Root, Client ID, and Client Secret.

For more information on how to generate these credentials, see Service Accounts settings .

Integration parameters

The Wiz integration requires the following parameters:

Parameter	Description
`API Root`	Required. The API Root of the Wiz instance.
`Client ID`	Required. The client ID associated with your Wiz API credentials.
`Client Secret`	Required. The client secret associated with your Wiz API credentials.
`Verify SSL`	Required. If selected, the integration validates the SSL certificate when connecting to the Wiz server. Enabled by default.

For instructions about how to configure an integration in Google SecOps, see Configure integrations .

You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances .

Actions

For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action .

Ping

Use the Pingaction to test the connectivity to Wiz.

This action doesn't run on Google SecOps entities.

Action inputs

None.

Action outputs

The Pingaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Not available
Output messages	Available
Script result.	Available

Output messages

The Pingaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully connected to the Wiz server with the provided connection parameters!`	The action succeeded.
`Failed to connect to the Wiz server! Error is ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully connected to the Wiz server with the provided connection parameters!

The action succeeded.

Failed to connect to the Wiz server!
      Error is ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Pingaction:

Script result name	Value
`is_success`	`True` or `False`

Get Issue Details

Use the Get Issue Detailsaction to obtain information about a specified issue in Wiz.

This action doesn't run on Google SecOps entities.

Action inputs

The Get Issue Detailsaction requires the following parameters:

Parameter Description

Parameter	Description
`Issue ID`	Required. The unique identifier of the Wiz issue to retrieve or act upon.

Issue ID

Required.

The unique identifier of the Wiz issue to retrieve or act upon.

Action outputs

The Get Issue Detailsaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Available
Output messages	Available
Script result	Available

JSON result

The following example shows the JSON result output received when using the Get Issue Detailsaction:

  { 
  
 "id" 
 : 
  
 "f54e3fb9-a520-4e99-aacc-b99f6ae7f28d" 
 , 
  
 "createdAt" 
 : 
  
 "2025-07-26T11:47:43.94524Z" 
 , 
  
 "updatedAt" 
 : 
  
 "2025-07-31T07:34:54.445702Z" 
 , 
  
 "status" 
 : 
  
 "RESOLVED" 
 , 
  
 "severity" 
 : 
  
 "CRITICAL" 
 , 
  
 "type" 
 : 
  
 "TOXIC_COMBINATION" 
 , 
  
 "description" 
 : 
  
 "This container is using an image that contains a file identified as a high/critical severity malware by ReversingLabs.\n\nMalware can imply a malicious actor's presence in your environment. The malware can be used for crypto-mining, data leakage, lateral movement to other resources in your environment, etc." 
 , 
  
 "resolvedAt" 
 : 
  
 "2025-07-31T07:34:54.445702Z" 
 , 
  
 "entitySnapshot" 
 : 
  
 { 
  
 "cloudPlatform" 
 : 
  
 "GCP" 
 , 
  
 "id" 
 : 
  
 "1971f945-3476-5b3d-a5a1-ab166c3e2eca" 
 , 
  
 "name" 
 : 
  
 "cluster-solr" 
 , 
  
 "region" 
 : 
  
 "us-central1" 
 , 
  
 "subscriptionName" 
 : 
  
 "Wiz-Labs" 
 , 
  
 "type" 
 : 
  
 "KUBERNETES_CLUSTER" 
  
 }, 
  
 "projects" 
 : 
  
 [ 
  
 { 
  
 "id" 
 : 
  
 "904cbc14-1c52-571c-a6b8-46fee263eb0f" 
 , 
  
 "name" 
 : 
  
 "GCP Lab" 
  
 } 
  
 ], 
  
 "sourceRules" 
 : 
  
 [ 
  
 { 
  
 "id" 
 : 
  
 "wc-id-1038" 
 , 
  
 "name" 
 : 
  
 "Container using an image infected with critical/high severity malware" 
 , 
  
 "description" 
 : 
  
 "This container is using an image that contains a file identified as a high/critical severity malware by ReversingLabs.\n\nMalware can imply a malicious actor's presence in your environment. The malware can be used for crypto-mining, data leakage, lateral movement to other resources in your environment, etc." 
  
 } 
  
 ] 
 }

Output messages

The Get Issue Detailsaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully returned details for the following issue using information from Wiz: ISSUE_ID` `The action wasn't able to return details for the following entities using information from Wiz: ISSUE_ID`	The action succeeded.
`Error executing action "Get Issue Details". Reason: ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully returned details for the following issue using information from Wiz: ISSUE_ID

The action wasn't able to return details for the following entities using information from Wiz: ISSUE_ID

The action succeeded.

Error executing action "Get Issue Details". Reason: ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Get Issue Detailsaction:

Script result name	Value
`is_success`	`True` or `False`

Reopen Issue

Use the Reopen Issueaction to reopen a specified issue in Wiz.

This action doesn't run on Google SecOps entities.

Action inputs

The Reopen Issueaction requires the following parameters:

Parameter Description

Parameter	Description
`Issue ID`	Required. The unique identifier of the issue in Wiz to retrieve or update.

Issue ID

Required.

The unique identifier of the issue in Wiz to retrieve or update.

Action outputs

The Reopen Issueaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Available
Output messages	Available
Script result	Available

JSON result

The following example shows the JSON result output received when using the Reopen Issueaction:

  { 
  
 "id" 
 : 
  
 "41facd3f-29b0-4fcf-9a0c-e7fc40416aa0" 
 , 
  
 "note" 
 : 
  
 "" 
 , 
  
 "status" 
 : 
  
 "OPEN" 
 , 
  
 "dueAt" 
 : 
  
 null 
 , 
  
 "resolutionReason" 
 : 
  
 null 
 }

Output messages

The Reopen Issueaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully reopened issue with ID ISSUE_ID` in Wiz.	The action succeeded.
`Error executing action "Reopen Issue". Reason: ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully reopened issue with ID ISSUE_ID in Wiz.

The action succeeded.

Error executing action "Reopen Issue". Reason: ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Reopen Issueaction:

Script result name	Value
`is_success`	`True` or `False`

Ignore Issue

Use the Ignore Issueaction to ignore a specified issue in Wiz.

This action doesn't run on Google SecOps entities.

Action inputs

The Ignore Issueaction requires the following parameters:

Parameter

Description

Issue ID

Required.

The unique identifier of the issue in Wiz.

Resolution Reason

Required.

The reason for the resolution of the issue.

The possible values are as follows:

False Positive
Exception
Won't Fix~

The default value is False Positive .

Resolution Note

Optional.

A note that gives additional context for the issue resolution.

Action outputs

The Ignore Issueaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Available
Output messages	Available
Script result	Available

JSON result

The following example shows the JSON result output received when using the Ignore Issueaction:

  { 
  
 "id" 
 : 
  
 "41facd3f-29b0-4fcf-9a0c-e7fc40416aa0" 
 , 
  
 "note" 
 : 
  
 "" 
 , 
  
 "status" 
 : 
  
 "REJECTED" 
 , 
  
 "dueAt" 
 : 
  
 null 
 , 
  
 "resolutionReason" 
 : 
  
 "FALSE_POSITIVE" 
 }

Output messages

The Ignore Issueaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully ignored issue with ID ISSUE_ID` in Wiz.	The action succeeded.
`Error executing action "Ignore Issue". Reason: ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully ignored issue with ID ISSUE_ID in Wiz.

The action succeeded.

Error executing action "Ignore Issue". Reason: ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Ignore Issueaction:

Script result name	Value
`is_success`	`True` or `False`

Resolve Issue

Use the Resolve Issueaction to resolve a specified issue in Wiz.

This action doesn't run on Google SecOps entities.

Action inputs

The Resolve Issueaction requires the following parameters:

Parameter

Description

Issue ID

Required.

The unique identifier of the issue in Wiz.

Resolution Reason

Required.

The reason for the resolution of the issue.

The possible values are as follows:

Malicious Threat
Not Malicious Threat
Security Test Threat
Planned Action Threat
Inconclusive Threat

The default value is Not Malicious Threat .

Resolution Note

Optional.

A note that gives additional context about the resolution.

Action outputs

The Resolve Issueaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Available
Output messages	Available
Script result	Available

JSON result

The following example shows the JSON result output received when using the Resolve Issueaction:

  { 
  
 "id" 
 : 
  
 "0db2222f-7d1f-501a-9ad5-fe669c7da036" 
 , 
  
 "resolutionNote" 
 : 
  
 "" 
 , 
  
 "status" 
 : 
  
 "RESOLVED" 
 , 
  
 "dueAt" 
 : 
  
 null 
 , 
  
 "resolutionReason" 
 : 
  
 "NOT_MALICIOUS_THREAT" 
 }

Output messages

The Resolve Issueaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully resolved issue with ID ISSUE_ID` in Wiz.	The action succeeded.
`Error executing action "Resolve Issue". Reason: ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully resolved issue with ID ISSUE_ID in Wiz.

The action succeeded.

Error executing action "Resolve Issue". Reason: ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Resolve Issueaction:

Script result name	Value
`is_success`	`True` or `False`

Add Comment To Issue

Use the Add Comment To Issueaction to add a comment to a specified issue in Wiz.

This action doesn't run on Google SecOps entities.

Action inputs

The Add Comment To Issueaction requires the following parameters:

Parameter Description

Parameter	Description
`Issue ID`	Required. The unique identifier of the issue in Wiz.
`Comment`	Required. The text of the comment to add to the issue.

Issue ID

Required.

The unique identifier of the issue in Wiz.

Comment

Required.

The text of the comment to add to the issue.

Action outputs

The Add Comment To Issueaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Available
Output messages	Available
Script result	Available

JSON result

The following example shows the JSON result output received when using the Add Comment To Issueaction:

  { 
  
 "createdAt" 
 : 
  
 "2025-08-01T11:59:00.843434941Z" 
 , 
  
 "id" 
 : 
  
 "6f997da2-85a0-4be2-b205-83ea19e9b17a" 
 , 
  
 "text" 
 : 
  
 "testing" 
 }

Output messages

The Add Comment To Issueaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully added a comment to the issue with ID ISSUE_ID` in Wiz.	The action succeeded.
`Error executing action "Add Comment To Issue". Reason: ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully added a comment to the issue with ID ISSUE_ID in Wiz.

The action succeeded.

Error executing action "Add Comment To Issue". Reason: ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Add Comment To Issueaction:

Script result name	Value
`is_success`	`True` or `False`

Need more help? Get answers from Community members and Google SecOps professionals.